Freigeben über


如何知道AD物件在哪一台DC上被刪除?

我們可以採用以下方式.找出目前已經被刪除的Computer 清單及物件在哪一台DC 刪除的

ldifde  -f PCs.txt -d DomainDN -r objectclass=computer -x

repadmin /showobjmeta  DCName  DN

EX:

1. 使用ldifde 找出電腦物件包含已經刪除的物件 (windows 2003 sp2 ldifde 支援 -x 找出刪除物件清單)

ldifde  -f PCs.txt -d dc=cx1,dc=contoso,dc=com -r objectclass=computer -x

clip_image001

2.找出您要找的電腦物件名稱之DN

dn: CN=XPSP3-DDC78D77F\0ADEL:be8ee182-b4ee-426e-be94-e1498eb0b227,CN=Deleted Objects,DC=CX1,DC=contoso,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn::
WFBTUDMtRERDNzhENzdGCkRFTDpiZThlZTE4Mi1iNGVlLTQyNmUtYmU5NC1lMTQ5OGViMGIyMjc=
distinguishedName:
CN=XPSP3-DDC78D77F\0ADEL:be8ee182-b4ee-426e-be94-e1498eb0b227,CN=Deleted Objects,DC=CX1,DC=contoso,DC=cominstanceType: 4
whenCreated: 20090318044556.0Z
whenChanged: 20090506050639.0Z
uSNCreated: 455982
isDeleted: TRUE

3.收集 刪除物件的屬性

repadmin /showobjmeta  box2  "CN=XPSP3-DDC78D77F\0ADEL:be8ee182-b4ee-426e-be94-e1498eb0b227,CN=Deleted Objects,DC=CX1,DC=contoso,DC=com"  

clip_image002

4.檢視 IsDeleted 物件.來自何DC

41 entries.

Loc.USN                          Originating DC   Org.USN  Org.Time/Date        Ver Attribute

=======                          =============== ========= =============        === =========

455982                                East\BOX1    575762 2009-03-18 12:45:56    1 objectClass

507995                                West\BOX2    507995 2009-05-06 13:06:39    4 cn

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 description

455982                                East\BOX1    575762 2009-03-18 12:45:56    1 instanceType

455982                                East\BOX1    575762 2009-03-18 12:45:56    1 whenCreated

507995                                West\BOX2    507995 2009-05-06 13:06:39    3 displayName

507995 West\BOX2 507995 2009-05-06 13:06:39 1 isDeleted

455982                                East\BOX1    575762 2009-03-18 12:45:56    1 nTSecurityDescriptor

507995                                West\BOX2    507995 2009-05-06 13:06:39    4 name

455982                                East\BOX1    575764 2009-03-18 12:45:56    3 userAccountControl

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 codePage

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 countryCode

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 homeDirectory

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 homeDrive

455982                                East\BOX1    575764 2009-03-18 12:45:56    2 dBCSPwd

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 localPolicyFlags

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 scriptPath

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 logonHours

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 userWorkstations

507995                                West\BOX2    507995 2009-05-06 13:06:39    3 unicodePwd

507995                                West\BOX2    507995 2009-05-06 13:06:39    3 ntPwdHistory

507995                                West\BOX2    507995 2009-05-06 13:06:39    3 pwdLastSet

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 primaryGroupID

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 supplementalCredentials

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 userParameters

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 profilePath

455982                                East\BOX1    575762 2009-03-18 12:45:56    1 objectSid

455982                                East\BOX1    575763 2009-03-18 12:45:56    1 comment

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 accountExpires

507995                                West\BOX2    507995 2009-05-06 13:06:39    3 lmPwdHistory

455982                                East\BOX1    575762 2009-03-18 12:45:56    1 sAMAccountName

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 sAMAccountType

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 operatingSystem

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 operatingSystemVersion

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 operatingSystemServicePack

455982                                East\BOX1    575767 2009-03-18 12:45:56    1 dNSHostName

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 servicePrincipalName

507995                                West\BOX2    507995 2009-05-06 13:06:39    1 lastKnownParent

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 objectCategory

507995                                West\BOX2    507995 2009-05-06 13:06:39    2 isCriticalSystemObject

507995                                West\BOX2    507995 2009-05-06 13:06:39    3 lastLogonTimestamp

0 entries.

Type    Attribute     Last Mod Time                             Originating DC  Loc.USN Org.USN Ver

======= ============  =============                           ================= ======= ======= ===

        Distinguished Name

        =============================